bazarbackdoor | 363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8 | Triage

Submit
Reports

Overview

overview

Static

static

363b6e0bc8...a8.exe

windows7_x64

363b6e0bc8...a8.exe

windows10-2004_x64

Sharing

General

Target

363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
Size

227KB
Sample

220220-kfj2sabfcn
MD5

ebb740d3759131a9914b9aea588a246d
SHA1

bfd39fa8d787c1ca6f67e33b5426b4e982dca8bc
SHA256

363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
SHA512

95e53db8bfb9f7053d4ac5493853c1bc2b2363b9ff74ce9f992c0f3d28de87b5b20df93b1f4292546fca21bf60038299c6e63c191d9c4355ff860ea250696fb2

Score

10^/10

bazarbackdoor backdoor suricata

Static task

static1

Behavioral task

behavioral1

Sample

363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8.exe

Resource

win7-en-20211208

bazarbackdoor backdoor suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8.exe

Resource

win10v2004-en-20220113

bazarbackdoor backdoor suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
- Size
  
  227KB
- MD5
  
  ebb740d3759131a9914b9aea588a246d
- SHA1
  
  bfd39fa8d787c1ca6f67e33b5426b4e982dca8bc
- SHA256
  
  363b6e0bc8873a6a522fe9485c7d8b4cbcffa1da61787930341f94557487c5a8
- SHA512
  
  95e53db8bfb9f7053d4ac5493853c1bc2b2363b9ff74ce9f992c0f3d28de87b5b20df93b1f4292546fca21bf60038299c6e63c191d9c4355ff860ea250696fb2
Score

10^/10

bazarbackdoor backdoor suricata
- BazarBackdoor
  Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  backdoor bazarbackdoor
- suricata: ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)
  suricata: ET MALWARE Observed Malicious DNS Query (BazarLoader/Team9 Backdoor CnC Domain)
  suricata
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarbackdoorbackdoorsuricata

behavioral2

bazarbackdoorbackdoorsuricata

© 2018-2024

Terms | Privacy